An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bind | Isc | 9.4.0 (including) | 9.8.8 (including) |
| Bind | Isc | 9.9.0 (including) | 9.9.10 (including) |
| Bind | Isc | 9.10.0 (including) | 9.10.5 (including) |
| Bind | Isc | 9.11.0 (including) | 9.11.1 (including) |
| Bind | Isc | 9.9.0-p1 (including) | 9.9.0-p1 (including) |
| Bind | Isc | 9.9.3-s1 (including) | 9.9.3-s1 (including) |
| Bind | Isc | 9.9.10-s2 (including) | 9.9.10-s2 (including) |
| Bind | Isc | 9.10.5-p1 (including) | 9.10.5-p1 (including) |
| Bind | Isc | 9.10.5-s1 (including) | 9.10.5-s1 (including) |
| Bind | Isc | 9.10.5-s2 (including) | 9.10.5-s2 (including) |
| Bind | Isc | 9.11.1-p1 (including) | 9.11.1-p1 (including) |
| Bind9 | Ubuntu | artful | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | trusty | * |
| Bind9 | Ubuntu | vivid/ubuntu-core | * |
| Bind9 | Ubuntu | xenial | * |
| Bind9 | Ubuntu | yakkety | * |
| Bind9 | Ubuntu | zesty | * |
| Red Hat Enterprise Linux 6 | RedHat | bind-32:9.8.2-0.62.rc1.el6_9.4 | * |
| Red Hat Enterprise Linux 7 | RedHat | bind-32:9.9.4-50.el7_3.1 | * |